jbenet
commented
10 years ago (I guess I should note, this is for encrypting/signing purposes only, obviously no anonymity here.)
Closed jbenet closed 10 years ago
jbenet
commented
10 years ago (I guess I should note, this is for encrypting/signing purposes only, obviously no anonymity here.)
dcposch
commented
10 years ago Namecoin, specifically: http://dot-bit.org/Namespace:Identity
And it's not incompatible with pseudo anonymity. For example, Satoshi of Bitcoin fame could register satoshi@scramble.io ; he could even reveal (carefully) that this is his address, and people could converse with him; it wouldn't give away anything about his real identity. If he does it through Tor, it wouldn't give away his IP address either, even to someone wiretapping the server.
Of course, if I register "dcposch@scramble.io", it's not particularly anonymous, since the name "dcposch" is associated with my real identity. Most users won't be anonymous, at least not in the strong sense. (For example: if you text a friend your Scramble address, a government can find it and then they know the real identity associated with that address by looking up your phone number.)
The unique challenges of anonymity are the same regardless of whether we're using
jaekwon
commented
10 years ago Where would the blockchain reside, on the server? The client would then have to trust that the server isn't compromised to respond with a bad key. The client could be set up to ask multiple servers for blockchain validation (name lookup), but that doesn't sound very secure or elegant....
dcposch
commented
10 years ago Yeah, this would only be interesting in the context of a browser extension, where you can load the blockchain directly on the client.
For example: http://blockchain.info/wallet/chrome-extension
On Mon, Sep 9, 2013 at 9:07 PM, jaekwon notifications@github.com wrote:
Where would the blockchain reside, on the server? The client would then have to trust that the server isn't compromised to respond with a bad key. The client could be set up to ask multiple servers for blockchain validation, but that doesn't sound very secure or elegant....
— Reply to this email directly or view it on GitHubhttps://github.com/dcposch/scramble/issues/26#issuecomment-24132338 .
jaekwon
commented
10 years ago Here is an alternative proposal. Curious what you all think.
https://github.com/dcposch/scramble/wiki/Addr-Resolution-via-Notaries
jaekwon
commented
10 years ago Well, looks like we're going with the name resolution proposal ;)
Yesterday, @dcposch and I chatted about alternative key exchange mechanisms. I suggested using the bitcoin blockchain to store/retrieve addressee's public keys. Something like BTProof but mapping
some name : public key.Turns out namecoin's already on to this :) see https://dot-bit.org/Namespace:Identity But, I think namecoin (which uses a different blockchain) is less likely to be adopted than a solution on top of the BTC blockchain itself.
So a
key-coinsite that supports storing, retrieving, and revoking public keys (with similar semantics as pgp.mit.edu and other pgp servers) could be useful. In particular, if it had an http rest api.Why is this relevant? Given a service like that, scramble could support looking up keys from names, with autocomplete. So that in the
to:field, one can start typing a name and see possible addressees. :)See also: http://en.wikipedia.org/wiki/Key_server_%28cryptographic%29